Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
 t_donnet
		
			t_donnet
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi,
Context: on Qlik Sense Entreprise, there is two RootAdmin. One of them is the "real" RootAdmin and the second isn't completly. 
The second RootAdmin doesn't have the right to export/duplicate some apps (sensitive data). It's complicated to limited for a RootAdmin role on apps that he shouldn't be allowed. He needs to have all access(HUB/QMC), except on the specific apps and/or to modify security rules (Only read).
How to create a security rule(s) to limit the interaction on the securtiy rules section ?
or
How to create a custom role ("Custom Admin") with full access and limit on specific apps and/or security rules? 
Regards,
Théo
 Jack_Guo
		
			Jack_Guo
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi @t_donnet ,
Hope you can get some idea from the below link
The CustomAdmin role will not have access to the Security Rule section in QMC unless you add resource filter 'QmcSection_SystemRule' in the CustomAdmin QMC access security rule.
Hope this helps.
 t_donnet
		
			t_donnet
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi Jack,
This way is interesting.
Do you have the list of the complete resource?
By the way, this CustomAdmin role will still have the rights to export and duplicate all applications.
Regards,
Théo
 Jack_Guo
		
			Jack_Guo
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi @t_donnet ,
You can find the list of available Resource Filters via the below link.
Yes, CustomAdmin role can have the rights to export or duplicate all apps. For example, resource filter 'App_*, Actions 'Export and Duplicate'. Refer to the first link I sent to you in my last reply.
 Filippo_Nicolus
		
			Filippo_NicolusYou could check an example with screenshots here https://community.qlik.com/t5/New-to-Qlik-Sense/How-to-create-custom-User-Roles-in-Qlik-Sense/td-p/1... .
 t_donnet
		
			t_donnet
		
		
		
		
		
		
		
		
	
			
		
		
			
					
		Hi Filippo,
Thanks for you help.
The idea behind my request is the intellectual protection of scripts.
How to give most permission to the client user while our apps/scripts is 'protected' ?
Regards,
Théo
 Filippo_Nicolus
		
			Filippo_NicolusHi
From here in the condition in pseudo code .... and ( resource.objectType!= "app_appscript" or resource.objectType!="loadmodel") .... .
